From owner-freebsd-questions@FreeBSD.ORG  Thu Nov  6 00:50:41 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D47DB16A4CF
	for <freebsd-questions@freebsd.org>;
	Thu,  6 Nov 2003 00:50:41 -0800 (PST)
Received: from mail.lphp.org (APastourelles-107-1-4-33.w193-253.abo.wanadoo.fr
	[193.253.178.33])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EAA6E44014
	for <freebsd-questions@freebsd.org>;
	Thu,  6 Nov 2003 00:50:32 -0800 (PST)
	(envelope-from ajacoutot@lphp.org)
Received: from lphp.org (modem209.metz.imaginet.fr [195.68.12.209] (may be
	forged))
	by mail.lphp.org (8.12.10/8.12.10) with ESMTP id hA68iwCP001220;
	Thu, 6 Nov 2003 09:44:58 +0100 (CET)
	(envelope-from ajacoutot@lphp.org)
Message-ID: <3FAA0B4A.9060204@lphp.org>
Date: Thu, 06 Nov 2003 09:50:18 +0100
From: Antoine Jacoutot <ajacoutot@lphp.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031104
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: Roland Wells <freebsd@thebeatbox.org>
References: <PDEILHPKMOIPFPKCGAPBOEDICNAA.freebsd@thebeatbox.org>
In-Reply-To: <PDEILHPKMOIPFPKCGAPBOEDICNAA.freebsd@thebeatbox.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
cc: Jason Williams <jwilliams@courtesymortgage.com>
Subject: Re: FreeBSD +Samba +OpenLDAP as a Primary Domain controller
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Nov 2003 08:50:41 -0000

Roland Wells wrote:
> Any pointers, walk-throughs, warnings or the like would be greatly
> appreciated. If you want to see more about our specific situation (which
> we have titled "Set Us Free(BSD)", check out:
> http://fftechcenter.org/content/articles/setusfreebsd.html

There don't see to be any major issue.
It looks like a lot of people are interested in the topic.

Basically, here is what I have working so far (in a minimal production 
environment of 30 people).

- FreeBSD-CURRENT with dynamic root
- LDAP Unix authentication vithe pam_ldap and nss_ldap --> with 
start_tls on for security
- Samba3 (from the samba-devel port patched for ldap support) PDC for 
Win NT/2k/XP stations; roaming profiles; group mappings; unix/windows 
password synchronisation... LDAP backend using samba3 schema
- UFS2 filesystem with ACLs enabled

I did not have any problem whatsoever yet, but I encourage people 
wanting to use this on a production intensive server to wait for 
5.2-RELEASE at the least.

Antoine